Forum Discussion
Fernando_33356
Nimbostratus
Nimbostratusrules based on destination using standard VS
Hi have a standard VS (I can't change it to http). I want to drop connection going to a specific IP, I used:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals 66.6.63.43/255.255.255.255] } then { drop } }
And it is not working. What am i doing wrong?
4 Replies
Fernando_33356I forgot to tell. The LTM are used to balance between our two firewall to get access to the internet. The idea is block one website with irules and use it in the future to block any access to malicious IP addresses.- Fernando_33356I am sorry, you said " you are checking the clients sourceIP and not the destinationIP" , but the irule you posted is using IP::local_addr. As far as I know local_addr is the client IP, that's why I used remote_add. The goal of my rule is to take the decision (drop) based on the destination IP.
- Chris_Miller
Altostratus
http://devcentral.f5.com/wiki/default.aspx/iRules.IP
If this is a outbound VS, client_addr would be the box on the private side of the VIS. remote_addr should be the destination address. local_addr is the VS address...not sure what that'd report for an outbound one. 
hoolioCirrostratus
As Chris and Stefan have suggested, IP::local_addr in CLIENT_ACCEPTED will return the LTM (client's destniation) address for the client connection. In CLIENT_ACCEPTED, IP::remote_addr will return the client IP.
Can you clarify the scenario more and let us know whether 66.6.63.43 is a pool member IP, a virtual server IP or you're using a wildcard virtual server?
I'm guessing the iRule Stefan posted will work for your scenario, as it will block connections through a wildcard virtual server destined to 66.6.63.43.
Thanks, Aaron
